#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Remove Legacy ’+’ Entries from Password Files

#Initialize variables
export PRECHECK="if [ -z "$(grep "^+:" /etc/passwd /etc/shadow /etc/group)" ]; then \
echo The Legacy '+' entry is not being used; fi"
export QUESTION="Would you like to remove Legacy ’+’ Entries from password files?"
export DESCRIPTION="The + symbol was used by systems to include data from NIS maps into existing files. However, a certain configuration error in which a NIS inclusion line appears in /etc/passwd, but NIS is not running, could lead to anyone being able to access the system with the username + and no password. Therefore, it is important to verify that no such line appears in any of the relevant system files."
export SOLUTION="if [ -z "$(grep "^+:" /etc/passwd /etc/shadow /etc/group)" ]; then \
echo The Legacy '+' entry is not being used;\
else echo There is a Legacy '+' entry in the password files.  Please remove it.; fi"


